[EAS] [BC] EAS Zombie Attack

Alex Hartman goober at goobe.net
Wed Feb 13 14:52:03 CST 2013 

Dave,

For the EAS vendors, i agree with all those sentiments, except #1, i
would *force* the user upon first installation / factory reset to set
a password other than default. You cannot get away from that until
it's done. Everything else seems like a reasonable request to me and
would be very easily done on many of the boxes out there (with
exception to the converters, which have little functionality to begin
with).

For the "plug and play" or "set it and forget it" boxes, that's
typically the problem. Minimal installation, minimal configuration,
manuals all over the 'net, etc. It requires a bit more work than that,
but the products i've outlined from Cisco, Sonicwall, et al, all do
that for around a grand. The level of control when you bounce from the
$70 Netgear to an $800 sonicwall is drastic, thus the wizards do ask
questions that people might not know about (intrusion intervals, GRE
packets, etc), and it simply comes with the territory. Most small
stations I run into typically has a computer company either on
retainer (since they don't pay for the IT guy) or will source one
locally that can help in those situations. Having the GM poking around
in the firewall is normally something i try to avoid for their sake.
Them clicking the wrong button or answering the wrong way in a wizard
can quickly lock themselves out of the router and shut down access to
the station.

Now for auditing your network, no box out there does that really. It's
a particularly customized software suite but there's packages made by
security companies available to do such things. There's a few webinars
available from Cisco, Juniper, Symantec, etc about security, i'll find
some links and post them here for you guys, they're pretty
comprehensive and don't get overly technical, more of a "101" class
type thing.

I get that most people don't want to be the support, figure it out
themselves, etc. That's why the appliances exist. I was just offering
it up as an alternative if people want to delve into the nightmare
that is firewalling without being intrusive. These machines can be set
up by themselves and used as a learning tool for most IP based things,
including basic routing, basic VLANS, etc. Things that are becoming
more commonplace in the broadcast plant that will eventually have to
be dealt with, either by you, or paying buco bucks to someone to fly
in and do it for you...

To each their own.

--
Alex Hartman

More information about the EAS mailing list